Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464
Mass Exploit for CVE 2022-29464 on Carbon
0day auto-exploiter bash carbon cve cve-2022-29464 exploit massexploit python shodan
Last synced: about 6 hours ago
- Host: GitHub
- URL: https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464
- Owner: electr0lulz
- License: gpl-3.0
- Created: 2022-06-22T20:58:33.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-06-22T23:54:38.000Z (over 2 years ago)
- Last Synced: 2024-01-28T16:32:38.350Z (10 months ago)
- Topics: 0day, auto-exploiter, bash, carbon, cve, cve-2022-29464, exploit, massexploit, python, shodan
- Language: Python
- Homepage:
- Size: 251 KB
- Stars: 17
- Watchers: 2
- Forks: 9
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-ip-search-engines - Mass-exploit-CVE-2022-29464 Shodan
README
## Meow Meow Meow!
Just a Mass Exploit based on a Python PoC for the WSO2 Carbon Server pre-auth RCE bug [CVE-2022-29464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464).
## Meow Meow Meow? Requirements?
Python3
Shodan
Zoomeye
A Brain

## What is this tool?
This is a mass-autoscan-exploit of [CVE-2022-29464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464) based on the PoC written in Python by a third party.
The Python file is available and readable; see also the bash script, which doesn't contain any encoded strings.
Massexploit will upload a shell and a reverse shell and print out the path to access it. Easy, Quick and Cool.
I know that the code could probably be written better, saving some lines, but I did it when I was drunk and just to do something.
So?
Just run:
```bash
./mass_exploit.sh
```
This command can set up your Shodan and ZoomEye tools, API keys included (if you want to skip the setup of the tools or the API keys, just press Enter).
Then it starts searching for vulnerable hosts based on the dorks (examples are provided in the file examples_dorks.txt).
The mass_exploit.sh output will be printed to the shell screen.

![PoC](https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464/blob/12c649eddaed6033a1aec05d27fc93408900a128/poc.png)

If you prefer, the manual mode is always available through the command below.
```bash
python3 exploit.py -u host:port
```
or easily:
```bash
python3 exploit.py -f
```
################################################################
## Search tools:
## Shodan
Get your account and an API Key here: https://account.shodan.io/
```bash
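# Install setuptools and pip for Python 3 (the tool requires Python3)
sudo apt-get install python3-setuptools -y
sudo apt-get install python3-pip -y
# Install the Shodan Python library and command-line client
pip3 install shodan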
```
## Zoomeye
Get an account and your API Key here: https://www.zoomeye.org/
```bash
pip3 install git+https://github.com/knownsec/ZoomEye-python.git
```
## Enjoy it
This tool has been provided just for academic purposes. I am not responsible for any illegal action made with this code.
Electrolulz - https://github.com/electr0lulz
Tested on an Ubuntu-based OS.